Quick Reference Table
Role | Scope | User Mgmt | HR Functions | Financial | Events | Communication | Inherits From |
---|---|---|---|---|---|---|---|
Administrator (Orgo) | Organization | Full | Full | Full | Full | Full | - |
Admin | Organization | DELETE, CREATE/UPDATE Groups | - | - | - | - | - |
HR | Organization | CREATE, UPDATE All | Full + Confidential | - | - | - | HR Assistant |
HR Assistant | Organization | - | VIEW Confidential, UPDATE Docs | - | - | - | - |
Financial | Organization | - | VIEW Confidential, UPDATE Docs | Full Payment/Products | - | - | HR Assistant |
Event Manager | Organization | - | - | - | CREATE/UPDATE | - | - |
Communication Manager | Organization | - | - | - | - | Full Newsletter/Moderation | - |
Trainer | Organization | - | - | - | CREATE Training | - | - |
HR Parent Local | Local Parent | CREATE, UPDATE All | Full + Confidential | - | - | - | HR Local, HR Assistant Local |
HR Local | Local | CREATE, UPDATE All | Full + Confidential | - | - | - | HR Assistant Local |
HR Assistant Local | Local | - | VIEW Confidential, UPDATE Docs | - | - | - | - |
Financial Regional | Regional | - | VIEW Confidential, UPDATE Docs | Full Payment/Products | - | - | Financial Local, HR Assistant Local/Parent |
Financial Local | Local | - | VIEW Confidential, UPDATE Docs | Full Payment/Products | - | - | HR Assistant Local |
Communication Regional | Regional | - | - | - | - | Full Newsletter/Moderation | Communication Local |
Communication Local | Local | - | - | - | - | Full Newsletter/Moderation | - |
Event Regional | Regional | - | - | - | CREATE/UPDATE | - | Event Local |
Event Local | Local | - | - | - | CREATE/UPDATE | - | - |
Inheritance Tree Structure
Key Permission Abbreviations
- CREATE: Create new entities (users, groups, events)
- UPDATE: Modify existing entities
- DELETE: Remove entities from system
- VIEW: Read-only access
- APPROVE: Authorize pending actions
- Full: Complete control over the module
Understanding Permission Hierarchy
Permissions are structured in three tiers:
- Organizational: Full access across the entire organization
- Regional: Access limited to specific regional boundaries
- Local: Access restricted to individual local groups
Core Permission Levels
Administrator (Orgo)
The highest level of permissions with complete organizational control.
Allowed Actions:
- Update organizational settings for REPER
- Manage roles, role groups, event types, badge types, and unit types
- Full system administration capabilities
Admin
Administrative permissions for user and group management.
Allowed Actions:
- Delete user accounts
- Create and update local groups
- Manage organizational structure
HR (Human Resources)
Comprehensive permissions for managing user profiles and organizational structure.
Allowed Actions:
- User Management
  - Create new user accounts
  - Update user’s organizational roles via Profile -> Roles
  - Update user’s permission roles via Profile -> Permissions
  - Update user’s local group assignment via Profile -> Permissions
  - Update user’s status via Profile -> Permissions
- Document Management
  - Update and read confidential profile data
  - Update and approve user identity documents
  - Update and approve user adhesion requests
- Additional Capabilities
  - Full access to HR Assistant functions
HR Assistant
Limited HR permissions focused on document and data management.
Allowed Actions:
- View confidential profile data
- Update and approve user identity documents
- Create and update gamifications/badges
Financial
Permissions for financial operations and payment processing.
Allowed Actions:
- Data Access
  - View confidential profile data
  - View payment details
- Financial Operations
  - Approve payments
  - Update products
  - Generate CSV reports
- Document Management
  - Update and approve user identity documents
- Additional Capabilities
  - Full access to HR Assistant functions
Communication Manager
Content and communication management permissions.
Allowed Actions:
- Create and update newsletters
- Create public discussions (when restricted for regular users)
- Delete comments and discussions
- Moderate comments and discussions (content labeled as “moderated”)
Event Manager
Event creation and management permissions.
Allowed Actions:
- Create and update events
- Manage event details and participants
Trainer
Training and educational event management.
Allowed Actions:
- Create training events
- Manage attendees in training events
- Configure training-specific settings
Regional Permission Scope
Regional administrators have elevated permissions within their assigned geographic or organizational region.
Available Regional Roles:
- Admin Regional
- HR Regional
- Financial Regional
- Event Regional
- Communication Regional
Local Permission Scope
Local administrators have permissions restricted to their specific local group.
Available Local Roles:
- Admin Local
- HR Local
- Financial Local
- Event Local
- Communication Local
Action Definitions
Core Actions
CREATE - Generate new entities in the system:
- Users, groups, events, newsletters, discussions
- User profiles, settings, content, products
- Users, comments, discussions (restricted to specific roles)
- Confidential data, payment details, user profiles
- Identity documents, payments, adhesion requests
- Roles, events, attendees, organizational settings
- Comments and discussions (Communication Manager only)
Implementation Guidelines
Permission Assignment
- Navigate to User Profile -> Permissions to assign roles
- Select appropriate permission level based on user responsibilities
- Configure regional or local scope if applicable
- Save changes and verify access levels
Best Practices
Security Considerations:
- Conduct regular permission audits
- Log all permission changes for compliance
- Require confirmation for sensitive operations (DELETE, APPROVE)
- Implement geographic/organizational isolation through scoped permissions
- Confidential profile data restricted to HR, HR Assistant, and Financial roles
- Identity document approval limited to HR, HR Assistant, and Financial roles
- Content moderation exclusive to Communication Managers
- Training event creation restricted to Trainers
Permission Inheritance
Higher-level permissions typically include capabilities of lower levels:
- Administrator (Orgo) has all system permissions
- HR includes all HR Assistant capabilities
- Financial includes HR Assistant functions
- Regional scope includes all local capabilities within the region
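The inheritance and scope rules above can be checked mechanically during a permission audit. The following is an added example, not code from the product: it models a subset of the Quick Reference Table rows, resolves inherited capabilities, and enforces scope. The capability labels, the function names, and the group/region hierarchy are assumptions made for illustration.

```python
# Added example. Scope and "Inherits From" are transcribed from the Quick
# Reference Table; capability labels like "hr:VIEW_CONFIDENTIAL" are made up here.
HR_DOCS = {"hr:VIEW_CONFIDENTIAL", "hr:UPDATE_DOCS"}
HR_FULL = {"user:CREATE", "user:UPDATE", "hr:FULL"}
EVENTS = {"event:CREATE", "event:UPDATE"}

ROLES = {  # role: (scope, direct grants, inherits from)
    "HR":                 ("Organization", HR_FULL, ["HR Assistant"]),
    "HR Assistant":       ("Organization", HR_DOCS, []),
    "Financial":          ("Organization", HR_DOCS | {"financial:FULL"}, ["HR Assistant"]),
    "HR Local":           ("Local", HR_FULL, ["HR Assistant Local"]),
    "HR Assistant Local": ("Local", HR_DOCS, []),
    "Financial Local":    ("Local", HR_DOCS | {"financial:FULL"}, ["HR Assistant Local"]),
    "Event Regional":     ("Regional", EVENTS, ["Event Local"]),
    "Event Local":        ("Local", EVENTS, []),
}
# Constructed sample hierarchy: local group -> region it belongs to.
REGION_OF = {"Group A": "North", "Group B": "North", "Group C": "South"}

def effective(role, seen=None):
    """Direct grants plus everything inherited; unknown roles and cycles add nothing."""
    seen = set() if seen is None else seen
    if role in seen or role not in ROLES:
        return set()
    seen.add(role)
    _, grants, parents = ROLES[role]
    caps = set(grants)
    for parent in parents:
        caps |= effective(parent, seen)
    return caps

def in_scope(role, assigned_to, target_group):
    """Organization covers every group, Regional its region's groups, Local one group."""
    scope = ROLES[role][0]
    if scope == "Organization":
        return True
    if assigned_to is None:  # a scoped role with no assignment reaches nothing
        return False
    if scope == "Regional":
        return REGION_OF.get(target_group) == assigned_to
    return target_group == assigned_to

def is_allowed(role, assigned_to, capability, target_group):
    """Deny by default: the capability must be held AND the target must be in scope."""
    return capability in effective(role) and in_scope(role, assigned_to, target_group)

def roles_with(capability):
    """Audit helper: every role that ends up holding a capability, directly or inherited."""
    return sorted(r for r in ROLES if capability in effective(r))
```

Running `roles_with("hr:VIEW_CONFIDENTIAL")` over the full role table is a quick way to confirm that confidential profile data stays limited to the HR, HR Assistant, and Financial families.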
Troubleshooting Common Issues
User Cannot Access Expected Features:
- Verify permission level in User Profile -> Permissions
- Check if feature requires regional or local scope
- Confirm module is enabled in Organisation Settings -> Modules
- Have user log out and log back in
- Clear browser cache
- Verify changes were saved properly
- Confirm user’s assigned region or local group
- Check organization hierarchy configuration
- Verify scope settings in permission assignment